How can I use NTLM authentication in a DataSnap Server/Client Application? - delphi

It looks like Indy 10 Tiburon already has experimental NTLM support.
How can I activate the NTLM authentication for the DataSnap server/client applications and use the logon information (user name, password, domain) of the destination DataSnap Server?

Related

About windows authentication

I enabled Windows authentication for an ASP.NET MVC project. I'm in the company domain, and when I send a GET request to the server side, I don't see any special stuff like username/pwd in the header/body. How does the server know who I am? And if I send an AJAX call to the server, do I need to include username/pwd as part of this call? Please help.
Integrated Windows Authentication, which uses Negotiate (Kerberos) or NTLM authentication, works the same way that Basic Authentication works.
When you send an initial request, the server responds with a 400 not authorized response. The browser sees the accepted types of authentication, and prompts the user for the username/password, or if it knows how to use the current Windows login token and is configured to do so, it uses that token automatically.
NTLM Working from Fiddler Perspective
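
Added example, not part of the original posts: a small Python parser for the `WWW-Authenticate` / `Authorization` header values exchanged in the handshake discussed above. It shows that the client's final NTLM message carries the domain, the user name and a challenge response rather than a password. The function names and the sample message are constructed for illustration, and the parser assumes Unicode (UTF-16LE) name fields.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def _field(msg, pos):
    """Follow a (length, max length, offset) descriptor to its payload bytes."""
    length, _max, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]


def parse_auth_header(value):
    """Describe a WWW-Authenticate / Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme not in ("NTLM", "Negotiate") or not token:
        return {"scheme": scheme, "message": None}  # other scheme or bare offer
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or not msg.startswith(SIGNATURE):
        return {"scheme": scheme, "message": "SPNEGO_OR_OTHER"}  # e.g. Kerberos
    mtype = struct.unpack_from("<I", msg, 8)[0]
    info = {"scheme": scheme, "message": NAMES.get(mtype, "UNKNOWN")}
    if mtype == 2 and len(msg) >= 32:
        info["server_challenge"] = msg[24:32].hex()
    elif mtype == 3:  # assumes NEGOTIATE_UNICODE, so names are UTF-16LE
        info["domain"] = _field(msg, 28).decode("utf-16-le")
        info["user"] = _field(msg, 36).decode("utf-16-le")
        info["nt_response_len"] = len(_field(msg, 20))
    return info


def build_type3(domain, user, nt_response):
    """Constructed sample AUTHENTICATE message, base64-encoded for a header."""
    parts = [b"", nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), b"", b""]  # LM, NT, domain, user, host, key
    fields, payload, offset = b"", b"", 64
    for part in parts:
        fields += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    msg = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", 1) + payload
    return base64.b64encode(msg).decode()


if __name__ == "__main__":
    print(parse_auth_header("NTLM " + build_type3("CORP", "alice", b"\x11" * 24)))
```
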

Windows Identity Foundation and OID

I am new to WIF (Windows Identity Foundation). I've been reading about it but I have some doubts.
Is it possible to use WIF to authenticate against directory services other than AD (for example, OID) and for authentication can I connect to databases (SQL and Oracle)?
WIF doesn't actually do the authentication - it's a set of .NET classes which handle the WS-Federation protocol and token management e.g. signing, encrypting.
The authentication is provided by the STS that WIF "binds" to.
In the classic model, WIF binds to ADFS which can only authenticate against AD.
However, by using another STS (e.g. IdentityServer) you can authenticate against SQL Server.
You can roll your own STS which can authenticate against anything you want.

Delphi & SAML (Web apps or desktop apps)?

Is the SAML protocol (Single Sign-On) used solely for web apps and web services, or is it also used for standard applications?
REVISED:
I am looking for some Windows (standard applications, not web-based) protocols for Single Sign-On.
If you are looking at Windows specifically, why not use Kerberos and Integrated Windows Authentication? It's built into Active Directory and Domain Controllers. It doesn't really work once you start crossing into the Internet and different security domains but it works well behind your firewall in a corporate environment.
However, SAML can be used for desktop applications. I've run into applications before that would retrieve the Kerberos ticket from the Desktop, make a WSTrust/RST call to an STS to validate the Kerb token and get back a SAML token in the RSTR that would be embedded into a Web Services call that the desktop application needed to make.
SAML allows secure web domains to exchange user authentication and authorization data and by definition would require an internet connection to do so. So no you would not want to use it for a desktop application.
Revised
Here are the links for Active Directory implementation with Delphi.
http://www.agnisoft.com/white_papers/active_directory.asp
http://adsi.mvps.org/adsi/Delphi/index.html

NTLM authentication issue in Blackberry

I want to connect to the server which supports NTLM authentication. I read knowledge article “How To - Implement basic HTTP authentication” on Blackberry developers site, however I did not find any reference for NTLM authentication.
Does Blackberry not support NTLM authentication over an HTTP connection? Any workaround?
Blackberry does support NTLM authentication over HTTP with the aid of a Blackberry Server (BES) component called MDS-CS. The Blackberry will pass credentials using basic authentication to the BES, which then will complete the NTLM handshake on behalf of the Blackberry. The only requirement is that Support HTTP Authentication is set to True in the MDS-CS settings on the BES.

ASP.NET Custom Windows Authentication

Is there any way to have a custom form for Windows authentication so that the device used when authenticating doesn't need to support NTLM in order to work? Also, is there a way to keep the automatic login for intranet users so that they do not need to log in if they are already on their computer?
"Is there any way to have a custom form for Windows authentication so that the device used when authenticating doesn't need to support NTLM in order to work?"
I guess you want to be able to authenticate users coming from outside the intranet.
In that case, Windows Authentication is not the right choice since it uses Windows user's credentials for the authentication and therefore more applicable for intranet applications.
If you really want to have Windows Authentication, your client requires NTLM or Kerberos authentication support.
"Also, is there a way to keep the automatic login for intranet users so that they do not need to login if they are already on their computer?"
For this you can use Windows Authentication.
